About Me

Since the 1990s I have been very involved with fighting the military "don't ask don't tell" policy for gays in the military, and with First Amendment issues. Best contact is 571-334-6107 (legitimate calls; messages can be left; if not picked up retry; I don't answer when driving) Three other url's: doaskdotell.com, billboushka.com johnwboushka.com Links to my URLs are provided for legitimate content and user navigation purposes only.
My legal name is "John William Boushka" or "John W. Boushka"; my parents gave me the nickname of "Bill" based on my middle name, and this is how I am generally greeted. This is also the name for my book authorship. On the Web, you can find me as both "Bill Boushka" and "John W. Boushka"; this has been the case since the late 1990s. Sometimes I can be located as "John Boushka" without the "W." That's the identity my parents dealt me in 1943!

Friday, February 19, 2016

Microsoft has provided a detailed writeup on Ransomware in its Malware Protection Center.

There is a lot of attention to Crowti, the most prevalent infection in 2015. Data cannot be recovered without paying “ransom” in bitcoins.

The second-most prevalent s FakeBsaod, which seems to be “scareware” because it can be avoided by using the Task Manager.

Microsoft says that its MSRT (Malicious Software Tool), which typically takes a long time to install, will disable these items.

But what seems a mystery is while Windows would still be vulnerable to this kind of attack from an executable in the first place.

They are most often encountered in phishing attacks, or sometimes with redirects on malicious websites (sometimes by keying in misspelled names of popular sites, especially “bews” for “news” which often results in scareware attacks. Some are “browser hijacks” that don’t load executables. To avoid this problem, it's safer to enter news site names into search engines first to check spelling.

CBS News is reporting a dangerous escalation in ransomware attacks, as in thisstory, which reports on a major infection of the data center of a California hospital. In some cases, companies, hospitals and even local government agencies have "paid up".

Wednesday, February 10, 2016

Today, a particular site that I use to promote one of my books gave me a security warning when I checked it on a different computer, at a car dealer’s, while my car was being serviced.'

The environment was Windows 7 with Symantec Norton as the security product. I do not use that on Windows at home. However, the same web page was all right at home when re-checked in Windows with Kaspersky, Trend Micro, and Webroot. I’ll check it soon on an old Mac with Norton.

It seems more common for some security packages to warn on sites for “phishing” or malware even when they seem not to be guilty. They may be depending just on user reports.

Update: February 13

I checked the site with Norton on an old Mac (OS 6.8) and did not get the error.

Thursday, February 04, 2016

Today, I tried my “doaskdotell.com” legacy site in Microsoft Edge under Windows 10, and kept getting a warning to verify (with a captcha) that I knew the site and that it is not a phishing domain. It kept repeating the warning and verification despite my verififcation. Internet Explorer is not doing this in other versions of Windows, and other browsers are not.

This behavior happened only on the home page, not subordinate pages.

I have checked stats on the domain and not found it had sent any email. I normally do not use its email.

From late Saturday, January 30, until around 6 PM EST Monday, February 1, the site was down because of an unspecified Windows shared hosting problem. Outages are rare. I kept getting “ERR_CONN_RESET”. That normally means that the checksum at the transport layer doesn’t match the actual data count on the page. Apparently, the server had stopped sending checksums, maybe because of a local hardware or firmware problem. “Tracert” showed that the domain could be reached. The outage did not appear to be related to malware or a DDOS.

But I don’t believe the problem is related to “Edge” behavior now. This seems like something new in Windows 10.

The issue might occur because there is now a ".org" domain for the name belonging to a non-profit organization, whereas I am an individual (and maybe Windows 10 and Edge checks for this); but I have used the domain since Dec, 1999 and have it paid for until 2021. In the more distant past, the ".org" has been a parked domain.

I continue to have an issue in Blogger that it seems to “encrypt” images in a Windows 10 environment when logged in to the app (forcing me to go into native html to fix), and sometimes even when viewing postings (in Chrome). This does not happen in previous versions of Windows. This is more likely with images that seem to have some embedded text.

Monday, February 01, 2016

There are numerous reports on the web that Wordpress sites have been vulnerable to hacks, especially related to radical Islam (for want of a better name), that is, ISIS.

Nick Fogle has a detailed post (no date) of how he solved one hack, and the technical knowledge required is considerable, although a lot of it is basic Unix,link.

In fact, on April 7, 2015 the FBI posted an advisory about Wordpress vulnerabilities lead to hacks of some sites purported to be by ISIS, but likely to be domestic imitators. Many of the vulnerabilities are related to “themes” and maintaining security updates from Wordpress (even automating them) is considered essential. Wordpress often puts out new versions of the basic engine to fix possible vulnerabilities, just as Microsoft does. Wordpress sites are different from Blogger in that a copy of Wordpress lives on the customer’s rented space.

Zdnet has a story explaining which obsolete plug-ins are most vulnerable, and says that Google has blacklisted about 10000 sites from its engine because of malware.

A real attack from an overseas enemy (as with the North Korean hack on Sony) could have national security implications, even if it seems improbable for an average small user. After 9/11, there were concerns that enemies could place steganographic instructions on amateur websites, but this has not happened much. I haven't heard of prosecutions of website owners "framed" for possessing some sort of unlawful content (whether child pornography or support for a foreign enemy) but it sounds like something a determined enemy could conceivably pull off. The idea of "mens rea" could possibly be critical.

Update: February 3

eWeek explains the security fixes in the new WordPress 4.4.2 update here. Wordpress has its own explanation here.

Analytics

Privacy Policy

Privacy Policy for billsinternetsafety.blogspot.com

If you require any more information or have any questions about my privacy policy, please feel free to contact me by email at JBoushka@aol.com.

At billsinternetsafety.blogspot.com , the privacy of my visitors is of extreme importance to me. This privacy policy document outlines the types of personal information is received and collected by billsinternetsafety.blogspot.com and how it is used.

Log Files Like many other Web sites, billsinternetsafety.blogspot.com makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyze trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons billsinternetsafety.blogspot.com does not use cookies.

DoubleClick DART Cookie

.:: Google, as a third party vendor, uses cookies to serve ads on billsinternetsafety.blogspot.com .
.:: Google's use of the DART cookie enables it to serve ads to your users based on their visit to billsinternetsafety.blogspot.com and other sites on the Internet.
.:: Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy at the following link.

Some of my advertising partners may use cookies and web beacons on my site. My advertising partners include ....... Google Adsense

These third-party ad servers or ad networks use technology to the advertisements and links that appear on billsinternetsafety.blogspot.com send directly to your browsers. They automatically receive your IP address when this occurs. Other technologies ( such as cookies, JavaScript, or Web Beacons ) may also be used by the third-party ad networks to measure the effectiveness of their advertisements and / or to personalize the advertising content that you see.

billsinternetsafety.blogspot.com has no access to or control over these cookies that are used by third-party advertisers.

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. billsinternetsafety.blogspot.com 's privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.